I'm glad we can finally agree on something 
Can we also agree that this has NOTHING to do with how kibana communicates with Elasticsearch and as such with the xpack.security. enabled: true in or the elasticsearch.url settings ?
The "circumstance" you mention is the missing server.ssl.enabled:true and this error only has to do with that. I explained to you why this error occurs in my answer in What does "A secure connection is required for log in" mean? - #2 by ikakavas
There is no need for provoking questions. The only thing we have been trying to explain to you is that the way that Kibana communicates with Elasticsearch (via TLS on https://elasticsearch-hostname:9200 or plain http on http://elasticsearch-hostname:9200 ) has NOTHING to do with the error above. Can we just agree upon that and move on ?